CVE-2010-1000

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2010-1000
Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.

5.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058580.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://marc.info/?l=oss-security&m=127378789518426&w=2
http://osvdb.org/64690
http://secunia.com/advisories/39528 Vendor Advisory
http://secunia.com/advisories/39787 Vendor Advisory
http://secunia.com/advisories/42423 Vendor Advisory
http://secunia.com/secunia_research/2010-69/ Vendor Advisory
http://securitytracker.com/id?1023984
http://www.kde.org/info/security/advisory-20100513-1.txt Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:098
http://www.securityfocus.com/archive/1/511281/100/0/threaded
http://www.securityfocus.com/archive/1/511294/100/0/threaded
http://www.securityfocus.com/bid/40141
http://www.ubuntu.com/usn/USN-938-1
http://www.vupen.com/english/advisories/2010/1142 Vendor Advisory
http://www.vupen.com/english/advisories/2010/1144 Vendor Advisory
http://www.vupen.com/english/advisories/2010/3096 Vendor Advisory
http://www.vupen.com/english/advisories/2011/1101
https://exchange.xforce.ibmcloud.com/vulnerabilities/58628
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:kde:kde_sc:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.1.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.1.0:rc:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.1.80:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.1.85:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.1.96:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.2:beta2:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.2:rc:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.3.0:beta1:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.3.0:beta3:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.3.0:rc3:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.4.0:rc3:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:kde:kde_sc:4.4.3:*:*:*:*:*:*:*
History

No history.

Information

Published : 2010-05-17 21:00

Updated : 2023-12-10 11:03

NVD link : CVE-2010-1000

Mitre link : CVE-2010-1000

CVE.ORG link : CVE-2010-1000

JSON object : View

Products Affected

kde

  • kde_sc
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')